Privacy & Cookies Policy

This Privacy Policy is meant to help you understand what data we collect, why we collect it, and what we do with it. This is important; we hope you will take time to read it carefully.

Our Privacy Policy explains:

What information we collect

Why we process your information

What we do with it

How we share your data

Your rights / access

Browser-Based Controls/ Cookies

How long we keep your information

Transfers abroad

What information we collect

YESSS collects data to operate effectively and provide you the best experiences with our products. You provide some of this data directly when interacting with us, such as when you submit your details to create a YESSS customer account or contact us with a query. We get some of it by recording how you interact with our products by, for example, using technologies like cookies.

You have control over what data we collect. When asked to provide personal data, you may decline. However, if you choose not to provide data that is necessary to provide goods or service, we may not be able to provide the goods or service.

The type and amount of data we collect varies in function of your relationship with us.

Name and contact data: We collect your first and last name, email address, postal address, phone number and other similar contact data such as delivery address.

Credentials: We collect passwords, password hints and similar security information used for authentication and account access.

Demographic data: We collect data about you such as your age, gender.

Payment data: We collect data necessary to process your payment if you make purchases, such as your credit card number, and the security code associated with your payment instrument.

Purchases: We collect data about the quotes you request, the orders you place and purchases you make. If you have an account with us, we also hold information about your balance and any overdue payment.

Credit accounts: If you apply for a credit account, we will collect your information to make searches with credit reference agencies and administer your account. You can find out more about this in the Credit checks section of How we share your data.

Location data: The mobile version of our Website will collect information about your location if location services are enabled on your mobile phone to help you locate your nearest YESSS branch. If your location services are not turned on, we will not collect any information about your location and you will need to manually input a postcode to find your nearest branch.

Your interactions with us: We collect the content of messages, e-mails, letters or phone calls you send us, such as feedback and product reviews you write, or questions and information you provide for customer support. When you contact us, phone conversations may be monitored and recorded.

Information on what you view, click on and access by way of our marketing emails and text messages (SMS or MMS), websites and mobile apps. We also gather this kind of information when you use our in-store WIFI networks to access the internet. We may collect the time and geographic location of your device when you do so. For websites, this information may also include where you came to our site from, and where you went when you left it. We also track how often you visit and use our websites and mobile apps. We do this via email and website cookies and similar tracking technology built into our mobile apps.

Technical information about the devices you use to access our websites and mobile apps. We also collect this detail when you use our in-store WIFI networks to access the internet. We specifically save each device's unique identifying codes (MAC address or IMEI number) device model, device name, relevant IP address, operating system and version, web browser and version, and geographic location.

CCTV: If you enter our branches or other YESSS buildings, your image may be captured by our security cameras. All of our CCTV facilities are handled directly by YESSS. We will regularly delete CCTV footage, unless it is being used to investigate an alleged crime or an incident, in which case it may be retained for up to 2 years following the conclusion of any investigation.

Why we process your information

There are several grounds on which we may collect and use your data, depending on your relationship with us.

Because you have agreed: Where possible, we collect information about you with your consent. This is the case, for instance, when you fill in paper or online forms and choose to provide us with your information.

Because we need it to execute or take steps to enter into a contract with you: If you are one of our customers, we collect or use your personal data because it is necessary for the performance of a contract you are a party to, for instance to deliver goods you have ordered. We may also collect your information because you requested us to take steps prior to entering into a contract with us, for instance when you ask us to give you a quote.

Because it is in our legitimate interest: We also sometimes process your information in pursuit of our legitimate interests to:

· carry out direct marketing activities and send you communications in that regard;

· improve our business and operate it efficiently;

· prevent fraud; and

· ensure general safety and security.

When we process your information on that basis, we always make sure that we balance our interest in having the information with your rights and reasonable expectations.

Because we need it to comply with the law: In some very rare cases, we will need to retain your information because we are compelled to do so by law.

What we do with it

YESSS uses the data we collect to operate our business and provide the goods and services we offer. We also use it to send communications, including promotional communications and to serve our legitimate business purposes.

Providing and improving our goods and services:We use data to provide the goods and services we offer, improve them, and perform essential business operations.

Providing our goods and services: We use your data to process your transactions with us, e.g. the purchase of goods, and to provide our goods and services to you.

Customer support: We use your data to process any request for assistance you make and to provide other customer care and support services.

To check that you have (or are likely to have) the means to pay us for any products you order from us over the internet or via one of our mobile apps.

Legitimate business purposes: We use data to detect and prevent fraud, to resolve disputes and enforce our agreements. We also use it for our own legitimate business purposes including audit or internal training.

To provide you with our websites, mobile apps and in-store WIFI networks, which all require a certain amount of technical information to work properly. For example, our local store finder is most effective when we can tell where you are first.

To power our security measures and services so you can safely access our website and mobile apps. It also lets us do things such as recognise your username and password, as well as reset them if you happen to forget what they are.

Business Operations: We use data to develop business intelligence that enable us to operate efficiently, make informed decisions and report on the performance of our business. We also analyse your use of our websites, apps and your response to our communications to improve the goods and services we offer.

Communications: We use data we collect to deliver and personalise our communications with you. For example, we may contact you by email or other means to remind you about items left in your online shopping basket, update you on a request you have made, invite you to participate in a survey or tell you that you need to take action to keep your account active.

We also use your data to send you marketing communications about products, activities, promotions or other matters that we feel may be of interest or use to you. You can sign up for email subscriptions and choose whether you wish to receive promotional communications from YESSS by email, SMS, post and telephone. For information about managing email subscriptions and promotional communications please contact our Customer Care team at customercare@YESSS.co.uk.

How we share your data

We share your personal data with your consent or as necessary to complete any transaction or provide any good or service you have purchased. We may also share your details with suppliers or vendors we hire to carry out certain tasks on our behalf, and to exercise or defend our legal rights and fulfil our legal obligations.

Payment

When you provide payment data to make a purchase, we will share payment data with banks and other entities that process payment transactions or provide other financial services, and for fraud prevention and credit risk reduction.

Vendors and Suppliers

We sometimes use third party vendors or suppliers to carry out certain activities, such as processing and sorting data, administering our Rewards scheme, monitoring usage of our website and issuing e-mails for us. In such cases, we may share your contact details, sale data and other relevant information. Our partner companies must abide by our data privacy and security requirements, and are not allowed to use personal data they receive from us for any other purpose.

Sale data

We sometimes share sell out data with our suppliers to assist them in production planning.

Credit checks

If you apply for a credit account, we will share your data with credit reference agencies, who will keep a record of your application and share information with other businesses. As part of this process, those credit reference agencies will search your business and personal credit records and those of persons financially linked to you. You can obtain more information on how these agencies process your data by referring to their Privacy Policy, which will be displayed on their website.

When you apply for a credit account, you warrant that you have sought and obtained consent from persons financially linked to you for their information to be provided as part of the credit search. If your application is successful, we will let credit agencies know of any change of address, payments made, account balance, defaults on payment, late payments, disputes, or debts. If you make further credit applications, YESSS or other organisations may use the information recorded on your personal or business credit file to assist in making decisions. We may share those details with other companies in our group, or with fraud and theft prevention agencies.

Debt recovery

We sometimes share information with debt collection agencies where payments were missed or the correct amount has not been paid.

YESSS Group

We share personal data among YESSS affiliates and subsidiaries. We may also disclose personal data as part of a corporate transaction such as a merger or acquisition.

Finally, we will access, transfer, disclose and preserve personal data when we have a good faith belief that doing so is:

1. allowed under applicable law;

2. necessary to respond to valid requests for information, including from law enforcement agencies;

3. necessary to protect our customers, for example to prevent fraud.

Mobile app platforms

Our mobile apps run on third party software platforms, for example, Apple's iOS platform which powers Apple's iPhone and Google's Android platform which powers Android-based smartphones. If you use any of our mobile apps, your usage of those apps is also subject to the relevant mobile app platform provider's terms and conditions and privacy policy. You should review their terms and conditions and privacy policy to ensure you understand what information (if any) they will gather on you, how they will use that information, and what you may be able to do if you are unhappy about it.

Your rights / access

You have rights over how we use your data.

Access: You have a right to know whether we hold personal information about you. Where this is the case, you may request a copy of your personal data we held, as well as information about how it is being used. Your request will be responded to within one calendar month of your request. Please note that we may require you to provide proof of identity and, in certain cases, a fee, before we are able to provide any information.

Rectification: Where information held about you is inaccurate or incomplete, you may request its rectification or completion.

Objection: You have a right to object to the use of your data for marketing purposes. Additionally, where we have used your data in pursuit of our legitimate interests, you can ask us to stop (subject to conditions).

Restriction: You have a right to ask us to restrict our use of your personal data in some circumstances, for example whilst we investigate a complaint that the data we hold about you is inaccurate (subject to conditions).

Erasure: In certain circumstances, you may request that your information be erased (subject to conditions).

Withdrawal of consent: You are allowed to withdraw your consent to our use of your data at any time. If there is no other justification for the use of your data, we will stop using it.

Complaint: If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer, who will investigate the matter. If you are dissatisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (www.ico.org.uk).

To exercise any of these rights, or for further information on how your personal data is handled, please contact our Data Protection Officer at data.protection@YESSS.co.uk.

Your Communications Preferences

You can choose whether you wish to receive promotional communications from YESSS by email, SMS, postal mail and telephone. If you receive promotional email or SMS messages from us and would like to opt out, you can do so by following the instructions in those messages.

You can also manage your preferences regarding the receipt of promotional materials by signing into the My Account section of our Website and update contact information, manage contact preferences, or opt out of promotional materials. Please note we will process your request promptly, but in some cases you may need to allow up to 14 days for the changes to be effective.

If you are not signed up for an online YESSS account, you can manage your email contact preferences by contacting customercare@YESSS.co.uk.

Browser-Based Controls/ Cookies

A cookie is a small text file that is downloaded onto your computer, tablet or smartphone when you access a website. It allows the website to recognise your device and store some information about your preferences or past actions.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not.

The table below explains the cookies we use and why.

Cookie Name

Purpose

YESSSstorefrontRememberMe

This enables users to have access from the same machine to all their data after a login, even after the session has expired.

SITE_USER

This is used for storing the customer's username.

userAccountInfo

Stores the user’s account number of user in YESSS mobile app.

userFirstName

Stores the user’s first name. Used in mobile app.

userLastName

Stores the user’s last name. Used in mobile app.

userLogin

Stores the user’s last username.

gyw-cart (base site Id+"-cart")

This cookie stores your shopping cart’s unique identifier. It also enables us to restore any saved cart.

fastOrdercookies

This cookie is created on quick order page with the value code

ALLPARTNUMBERS or YESSSPARTNUMBERSONLY. The value of this ccokie is set to session.

languageCookie

This stores your preferred session language.

YESSSregion

This cookie stores the geographical area in which you are located.

regionsuffix

This cookie is used in mobile app for making webservice calls.

app

Created when app=true is received in query parameter

JSESSIONID

This stores your session ID

acceleratorSecureGUID

Created by accelarator with a random string which is also stored in session. For resources marked with the RequireHardLogIn annotation, RequireHardLoginBeforeControllerHandler checks that the cookie's value in the request matches the one stored in the session; only if those values are equal is the user allowed to access the required resource, if not, the user is redirected to a login page.

VSReferrer

An identifier that stores that website that referred you

VSCurrency

An identifier that references the currency the prices are displayed in.

VSVatPrices

An identifier that references if prices are shown inclusive or exclusive of VAT.

VSCategoryGroup

An identifier that references the last top level category visited

VSCourierID

An identifier that references the courier the customer has selected.

VSCountryID

An identifier that references the country the customer has selected.

VSWishlistId

An identifier that references the database entry holding the visitors wishlist on the website when they are not logged in.

VSWishlistToken

An identifier that references the database entry holding the visitors wishlist on the website when they are not logged in.

affiliate_source

Details of which Affiliate scheme referred the visitor to the website - such as Webgains or Affiliate Window.

Webgains or Affiliate Window.

vs_login

Secure login token if the visitor selected for the website to remember them.

vsaffid

Secure login token if the visitor selected for the website to remember them.

Visualsoft

Affiliates module.

Google Analytics

Non-personal information used to track a visitor’s route through the website. This is used to find at which point customers have abandoned the checkout process and is used toimprove thewebsite. You can read more information on the cookies used by Google Analytics uses on its information page

CART

The association with the customer's shopping cart.

CATEGORY_INFO

Stores the category info on the page to load pages faster.

COMPARE

The items in the customer's Compare Products list.

CUSTOMER

An encrypted version of the shopper's customer ID.

CUSTOMER_AUTH

Indicates if the customer are currently logged in to the store.

CUSTOMER_INFO

An encrypted version of the shopper's customer group.

EXTERNAL_NO_CACHE

Indicates if caching is disabled or enabled.

FRONTEND

The customer's session ID.

GUEST-VIEW

Determines if guests can edit their orders.

LAST_CATEGORY

The last category visited by the shopper.

LAST_PRODUCT

The most recent product viewed by the shopper.

NEWMESSAGE

Indicates whether a new message has been received.

NO_CACHE

Indicates if the cache can be used to store information.

PERSISTENT_SHOPPING_CART

A link to information about the shopper's cart and viewing history.

RECENTLYCOMPARED

Items recently compared b the shopper.

STF

Information on products the shopper has emailed to friends.

STORE

The store view or language chosen by the shopper.

USER_ALLOWED_SAVE_COOKIE

Indicates if the shopper allows cookies to be saved.

VIEWED_PRODUCT_IDS

The products recently viewed by the shopper.

WISHLIST

An encrypted list of products added to the shopper's wishlist.

WISHLIST_CNT

The number of items in the shopper's wishlist.

_utma

Identifies shoppers and sessions.

_utmb

Determines new sessions/visits.

_utmc

Determines if the shopper is in a new session/visit.

_utmz

Saves the traffic source or campaign that explains how the shopper reached your site.

Browser controls. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. This may prevent you from taking full advantage of the website. To find out more about cookies, including how to customise your browser’s cookie settings, you can visit www.allaboutcookies.org.

How long we keep your information

YESSS retains personal data for as long as necessary to provide you with the goods and services you have requested, to operate our business, or for other essential purposes such as complying with our legal obligations, resolving disputes and enforcing our agreements. How long we keep data for depends on what it is used for, so retention periods will vary for different types of data.

Find out how we determine how long we keep information for.

The criteria below are good indicators of how we decide how long to keep data for:

· How long is the personal data needed to provide the goods and services and operate our business? This includes such things as maintaining good business and financial records. This is the general rule that establishes the baseline for most data retention periods.

· Is YESSS subject to a legal, contractual or similar obligation to retain the data? This includes cases where the law prescribes we should keep information for a given period of time, or where data must be preserved during an investigation, for current or potential litigation or contractual purposes. Some data must also be kept for audit purposes.

· Have you provided consent for a longer retention period? If so, we will retain data in accordance with your consent.

Transfers abroad

In some cases, we may need to transfer your information outside of the European Economic Area because we (or a third party or vendor we use) store it on systems that are hosted abroad, or because we need to share it with companies that are not situated in the European Economic Area.

Where this is the case, we will always ensure that your information is safe and only sent to organisations providing adequate safeguards, such as:

· Organisations who are contractually bound to protect your information;

· Organisations who have obtained Privacy Shield certification.

We may also transfer your data abroad if we have a legal obligation to do so.

Changes to this Policy

This Policy was last updated in May 2018. If we change our Privacy and Cookies Policy, we will update the changes on this website. We may also place notices on other pages of the website so you check our current policy at any time.

We are the 'data controller' of the information you provide us with. This term is a legal phrase used to describe the person or entity that controls the way information is used and processed.

We are registered under the Data Protection Act 1998 with the Information Commissioner's Office in the UK. Our registration number is ZA017620.

Where to Go if You Want More Information About Your Privacy Rights

The Information Commissioner's Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here: https://ico.org.uk/for-the-public/.

You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.